By Bryan Brake - CISSP | Information Security | Vuln Management.

“According to new research by Simon Scannell, a researcher for PHP Security firm RIPS Tech, when WooCommerce is installed it will create a Shop Manager role that has the "edit_users" WordPress capability/permission. This capability allows users to edit ANY WordPress user, including the Administrator account.”

You (Kevin) discovered the admin accounts, but could not remove them. Was that when you considered this an ‘incident’?

Timeline: “[2019-03-22 09:03 EST] Kevin assigns members of the Secure Ideas team with reconnaissance and mapping of the AoM system. Kevin reminds these members that Secure Ideas doesn’t have permission to test AoM. They are advised not to do anything that could harm the AoM’s production environment.”

What is the line they should not cross in this case?

You did not have access to logs, so you asked that an audit plugin be installed in order to view them. Is that access permanent, and why did they not allow access to logs before that?

[2019-03-22 13:11 EST] AoM Support fixes the audit log plugin access. AoM Support has found that a purchase of a course through a WooCommerce plugin resulted in users being granted admin access. AoM Support provides specific order numbers. They have also done an analysis of the database backups from the last 60 days and believe that the attackers did not do anything after they got access. AoM Support announces that the Secure Ideas training site will be set up on a separate server and Secure Ideas will be granted a new level of access.

Seems like working with AoM wasn’t difficult. Was giving you access to your own instance, and allowing you to administer it a big deal for them?

Lessons Learned? Anything you’d do differently next time?

Update IR plan?

Did they reach out for additional testing?

Did the people who got admin get removed?

Consult with AoM on better security implementation? Your env wasn’t damaged, but did they suffer issues with other customers? *answered*

Agenda: Announce the conference CFP: up soon CFW: up soon Campers: Friday night/Saturday night Like “toorcamp”, but if it sucks, you can drive home… :D Limiting tickets, looking for sponsors To support the conference and future initiatives: “Infosec Education Foundation” 501c3 non-profit (we are working on the charity part) www.infoseccampout.c ...…

Show Notes SpecterOps and Tim Tomes are giving training at WorkshopCon https://www.workshopcon.com Rob Cheyne Source Boston - https://sourceconference.com/events/boston19/ Architecture is not an implementation, but a way of thinking about a problem that has potentially many different answers, and no one single "correct" answer. https://github.c ...…

BIO: Liz Rice is the Technology Evangelist with container security specialists Aqua Security, where she also works on container-related open source projects including kube-hunter and kube-bench. She was Co-Chair of the CNCF’s KubeCon + CloudNativeCon 2018 events in Copenhagen, Shanghai and Seattle, and co-author of the O’Reilly Kubernetes Secur ...…

Adam Baldwin (@adam_baldwin) Director of Security, npm https://foundation.nodejs.org/ https://spring.io/understanding/javascript-package-managers Role in the NodeJS project Advisory? Active role? Maintain security modules? Are there any requirements to being a dev? Are there different roles in the NodeJS environment? Is there any review of syst ...…

Where in the world is Ms. Amanda Berlin? Keynoting hackerconWV Election Security Cuyahoga County: Intro: Jeremy Mio (@cyborg00101) Name? Why are you here? Discussing how Ohio does election operations. Walk through the process Pre-Elections Elections Night Post Elections All about the C.I.A. Votes must be confidential Votes must not be compromised (i ...…

Ian Coldwater- @IanColdwater https://www.redteamsecure.com/ *new gig* So many different moving parts Plugins Code Hardware She’s working on speaking schedule for 2019 How would I use these at home? https://kubernetes.io/docs/setup/minikube/ Kubernetes - up and running https://www.amazon.com/Kubernetes-Running-Dive-Future-Infrastructure/dp/14919 ...…

@InfoSecSherpa I have two talks coming up: Empathy as a Service to Create a Culture of Security at the Cofense Submerge conference Deep Dive into Social Media as an OSINT Tool at the H-ISAC Fall Summit (Health Information Sharing and Analysis Center) *Shameless Plug* My Nuzzel newsletters https://nuzzel.com/InfoSecSherpa https://nuzzel.com/InfoS ...…

Derbycon is probably one of the best infosec conferences of the calendar year. The podcast always has so much fun meeting listeners, meeting new people, and getting some audio to share with folks who can't be there. This year, we still got some audio, and it's great. We talked with Cheryl Biswas (@3ncr1pt3d) with her talks at #Derbycon and her ...…

Interesting email from one of our listeners. Detailing an issue that came up on a client engagement. We walk through best ways to store information post-engagement, and what you need to do to document test procedures so you don't get bit by a potential issue perhaps months down the line. Check out our Store on Teepub! https://brakesec.com/store ...…

Part 2 of our interview with Chris Hadnagy Discuss more about his book, best ways to setup your pre-text in an engagement how you might read someone on a poker table a great story about Chris's favorite person “Neil Fallon” from the rock band “Clutch” and we talk about “innocent lives foundation”, something near and dear to Chris' heart. We sta ...…

We are back with a new episode this week! We go over our solutions for some of the #derbyCon ticket #CTF challenges and include links to some of the challenges. We talk about Windows Event Forwarder, and all log forwarders seem to be losing events! Thanks to our Patrons! Gonna be at Derbycon, come see us! Congrats to our Derbycon Ticket CTF winne ...…

CTF information: Official site: https://scoreboard.totallylegitsite.com (thanks Matt Domko (@hashtagcyber) for hosting and allowing us to use his employee discount!) Please do not pentest the environment, not DDoS, nor cause anything undesirable to happen to the site. View the page, submit the flags, leave everything else alone... Derbycon Auct ...…

Sorry, this week's show took an odd turn, and we don't have much in the way of show notes... Ms. Berlin is recovering from knee surgery, and we wish her a speedy recovery. Bryan B. got back from BsidesSPFD, MO this week, after what was a well-received talk on building community. Lots of other excellent talks from speakers like Ms. Sunny Wear, ...…

Ben Caudill @rhinosecurity Spencer Gietzen @spengietz Rhino Security - https://rhinosecuritylabs.com/blog/ AWS escalation and mitigation blog - https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/ What is the difference between this and something like Scout or Lynis? Is it a forensic or IR tool? How might offensive peo ...…

After the recent Tesla insider threat event, BrakeSec decided to discuss some of the indicators of insider threat, what can be done to mitigate it, and why it happens. news stories referenced: https://www.infosecurity-magazine.com/news/teslas-tough-lesson-on-malicious/ https://www.scmagazine.com/tesla-hit-by-insider-saboteur-who-changed-code-ex ...…

Ms. Berlin’s mega tweet on protecting your network https://twitter.com/InfoSystir/status/1000109571598364672 Utica College CYB617 I tweeted “utica university” many pardons Mr. Childress’ high school class Laurens, South Carolina Probably spent as much as a daily coffee at Starbucks… makes all the difference. CTF Club, and book club (summer read ...…

https://darknetdiaries.com/ Jack Rhysider Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when anonymou ...…

GDPR will affect any information system that processes or will process people… like it or not. Derby Tickets CTF and auction Keynote Converge Detroit I’ll be at nolacon too Boettcher Recap BDIR #3 https://blog.netwrix.com/2018/05/01/five-reasons-to-ditch-manual-data-classification-methods/ https://blog.networksgroup.com/data-loss-prevention-fun ...…